Meraki

Community

Adding MX-67 inside the network and declare vlans

Tarmahmood1
Getting noticed
‎May 14 2025 3:36 AM
‎May 14 2025 3:36 AM

Adding MX-67 inside the network and declare vlans

Hello, 

 

Got a request from client that, if he has spare MX-67 applaince and wants to keep next to his desk, meaning the uplink will be switch and he will configure some vlans on it which will be different from MX-95. At uplink side we have MX-95 which has DHCP and vlans configured.

 

I have never thought about such setup. Is it worth to test to have MX-67 and declare some VLANs which will not be part of entire network. Is it really feasible or worth to test. any idea? . as of now i dont know what his intention are...

test.jpeg

0 Kudos
5 Replies 5
Main10ence
Meraki Employee
Meraki Employee
‎May 14 2025 4:51 AM
‎May 14 2025 4:51 AM

Hello @Tarmahmood1,

 

The topology that you have laid out is feasible. The VLANs configured on the MX67 will not compete with the VLANs on the MX95.

 

The egress for the MX67 will be a VLN ON THE MX95. 

 

I hope that this makes sense. Let me know if you have any questions.

.ılı.ılı. Cisco Meraki
Network Support Engineer

"The future favors the bold."
alemabrahao
Kind of a big deal
‎May 14 2025 4:57 AM
‎May 14 2025 4:57 AM

I think you should first try to understand what his need is? It is possible to do this, but we need more details to see if it is really a good option or not.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
rhbirkelund
Kind of a big deal
Kind of a big deal
‎May 14 2025 10:33 AM
‎May 14 2025 10:33 AM

Just make sure you do not configure subnets on the LAN side of your spare MX, that is also being used on the uplink interface. Meaning, if your spare MX has 192.168.1.10/24 on its Interface, do not configure a vlan on the spare MX that uses 192.168.1.0/24.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
GIdenJoe
Kind of a big deal
Kind of a big deal
‎May 14 2025 1:00 PM
‎May 14 2025 1:00 PM

Default behavior on any MX is NAT on the WAN which means all traffic behind the MX67 will be NAT'ed to the WAN IP of that MX.  Like others have pointed out.  You can't have the WAN interface of the MX67 have the same subnet/overlapping subnet from one of the VLANs that is behind it.  You can however have an overlapping subnet on a different interface on the MX95 since the WAN interface of the MX67 will not now about it.

PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 14 2025 1:31 PM
‎May 14 2025 1:31 PM

I have had a customer do exactly this.  It was in their R&D section.

 

Every developer has an MX on their desk, and they are allowed admin access to their own test network, and can replicate whatever IP configuration and VLANs they want for testing software and devices.

Their MX's connect to a dedicated switch (not in their control), that connected to a dedicated VLAN on the upstream MX (also not under their control), to limit any damage they could do to the corporate network.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.